What WikiLeaks' CIA document release means for students

WikiLeaks "Vault 7" exposed hacking techniques accessible to the CIA. Fortunately students are not the target

WikiLeaks began publishing a series of confidential CIA documents earlier this month, detailing its access to malware, hacking and surveillance tools that target smart devices, and the reports are causing concern.

The collection of documents titled "Vault 7" is what WikiLeaks calls the "largest ever publication of confidential documents on the agency." The first part of the publication March 7, things such as a vulnerabilities in smart televisions and cell phone hacking tools were disclosed — devices used by most college-aged students.

But students and researchers at ASU advise students not to worry.

Eric Nunes, a computer engineering Ph.D student, is currently conducting research on cyber security and how to get ahead of attacks by better detecting them.

Nunes said that all the tools developed have been created for a specific target in mind, “so they won't be interested in hacking your or my phone.”

He said that the CIA did not completely come up with these hacking tools alone, but rather gathered people who could and supplied the necessary tools.

“Most of the capabilities that (WikiLeaks) have found are developed by different people and they have just gathered it and put it in one place and maybe made some improvements,” Nunes said.

He said that when companies like Google and Microsoft realize there a is vulnerability in their software, they create patches, which are updates that mend the weaknesses of the software.

“Just keep your phones updated so that you have the patches which can actually protect you against whatever vulnerabilities are being disclosed in the Vault 7,” Nunes said.

Hackers do not need to work for the CIA in order to use the CIA’s tools, Nunes said. The CIA can pass down different tools to companies and agencies, which can then possibly end up in the hands of the wrong person. 

“If you have the software that can actually do it, and with a little bit of reading on how to use that tool, you could be able to (hack) it,” he said.

One hacking tool that WikiLeaks said they they found in the CIA documents was a "fake-off" mode for smart TVs in which the screen turns off but the device remains turned on.

“It's still waiting to hear the signal back," Nunes said. "So what (WikiLeaks) said is that it's a vulnerability that lets the CIA actually turn on the audio, the microphone on the TV, so whatever conversation going on in the room can actually be recorded.”

The ‘fake-off’ mode as described by Nunes is a form of hacking that can affect anybody. The TV that the hacks have targeted is the Samsung F8000 Smart TV. Nunes advises to keep all devices up to date. 

“Update your devices regularly when updates are available, especially if they say these are security fixes, because they are trying to fix some kind of vulnerability that was discovered in the device,” Nunes said.

Mohammed Almukaynizi, a computer science Ph.D student, believes these newly published hacking tools will not affect students.

"Students don’t have valuable documents,” Almukaynizi said. “I think that the average person should take it seriously, it's important."

Marcus Stilwell, an ASU computer science major, said that in order to be cautious, people must keep in mind where they are putting their information.

“If you give it to a company or website, if somebody can get into, or break into, wherever they store their data, which if you're like the NSA or somebody that has a lot of power and technology behind them, then that can get them pretty much anywhere,” Stilwell said.

Related: Professors explain the flaws of a 'password system' in a digital world

For students who would like prevent hacking of their accounts or devices, Stilwell said that no one can ever be 100 percent safe.

Stilwell said that some websites offer a two-step authentication, where if you sign into an account on a different device, it will ask for a code which would be received by a smartphone.

Almukaynizi offered a warning for those who take cybersecurity lightly.

“If we don't keep up with implementing such cyber security policies, then we might fall short of defending ourselves,” Almukaynizi said.


Reach the reporter at stefany.marquez@asu.edu and on Twitter @stefmarz.

Like The State Press on Facebook and follow @statepress on Twitter.


Get the best of State Press delivered straight to your inbox.